SmartHawk

1.4

低危

该样本未表现出任何异常！

cb52cf3b89972dd9535f89a7de1e231910d0c5e06832d9af74099a30337f4d54

a87e80bf19fc32e6d98a0c34c2595a62.exe

分析耗时

18s

最近分析

文件大小

1.3MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

F:\branches\5.12.0\RhinoProtect\Publish\OutPut\bin\Win32\release\pdb\2345SafeCenterInstaller.pdb

Foreign language identified in PE resource (1 个事件)

name

RT_VERSION

language

LANG_CHINESE

offset

0x0014a0a0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000334

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-03-03 10:59:29

Imports

Library VERSION.dll:

• 0x512238 GetFileVersionInfoSizeW

• 0x51223c VerQueryValueW

• 0x512240 GetFileVersionInfoW

Library KERNEL32.dll:

• 0x512000 GetProcAddress

• 0x512004 GetCurrentProcess

• 0x512008 SetErrorMode

• 0x51200c MoveFileExW

• 0x512010 SetFilePointer

• 0x512014 WriteFile

• 0x512018 GetModuleFileNameW

• 0x51201c CreateFileW

• 0x512020 GetLocalTime

• 0x512024 GetCurrentThreadId

• 0x512028 GetCurrentProcessId

• 0x51202c GetEnvironmentVariableW

• 0x512030 VirtualQuery

• 0x512034 GetLogicalDriveStringsW

• 0x512038 QueryDosDeviceW

• 0x51203c LoadLibraryW

• 0x512040 HeapAlloc

• 0x512044 HeapFree

• 0x512048 WaitForSingleObject

• 0x51204c GetModuleHandleW

• 0x512050 GetProcessHeap

• 0x512054 OpenProcess

• 0x512058 GetExitCodeProcess

• 0x51205c WaitForMultipleObjects

• 0x512060 LocalFree

• 0x512064 GetPrivateProfileStringW

• 0x512068 GetUserDefaultLangID

• 0x51206c GetModuleHandleExW

• 0x512070 ReleaseMutex

• 0x512074 Sleep

• 0x512078 FreeLibrary

• 0x51207c CloseHandle

• 0x512080 GetLastError

• 0x512084 CreateMutexW

• 0x512088 GetConsoleCP

• 0x51208c IsValidCodePage

• 0x512090 SetStdHandle

• 0x512094 WriteConsoleW

• 0x512098 SetEnvironmentVariableA

• 0x51209c CreateProcessW

• 0x5120a0 GetFileTime

• 0x5120a4 ReadConsoleW

• 0x5120a8 GetConsoleMode

• 0x5120ac OutputDebugStringW

• 0x5120b0 GetTimeZoneInformation

• 0x5120b4 FlushFileBuffers

• 0x5120b8 ExpandEnvironmentStringsW

• 0x5120bc SearchPathW

• 0x5120c0 GetDriveTypeW

• 0x5120c4 GetFileAttributesW

• 0x5120c8 FindFirstFileW

• 0x5120cc GetLongPathNameW

• 0x5120d0 GetFileAttributesExW

• 0x5120d4 GetDiskFreeSpaceW

• 0x5120d8 GetVolumeInformationW

• 0x5120dc WideCharToMultiByte

• 0x5120e0 GetACP

• 0x5120e4 MultiByteToWideChar

• 0x5120e8 lstrlenW

• 0x5120ec FindResourceW

• 0x5120f0 LoadResource

• 0x5120f4 GetVersionExW

• 0x5120f8 LockResource

• 0x5120fc GetSystemInfo

• 0x512100 lstrcmpiW

• 0x512104 InitializeCriticalSection

• 0x512108 LeaveCriticalSection

• 0x51210c EnterCriticalSection

• 0x512110 DeleteCriticalSection

• 0x512114 LoadLibraryExW

• 0x512118 GetComputerNameExW

• 0x51211c GetFileSize

• 0x512120 SetEndOfFile

• 0x512124 SetFileTime

• 0x512128 ReadFile

• 0x51212c SetFilePointerEx

• 0x512130 FindClose

• 0x512134 FindNextFileW

• 0x512138 GetFullPathNameW

• 0x51213c GetTempFileNameW

• 0x512140 CreateDirectoryW

• 0x512144 CopyFileW

• 0x512148 GetTempPathW

• 0x51214c GetCurrentDirectoryW

• 0x512150 MoveFileW

• 0x512154 RemoveDirectoryW

• 0x512158 GetWindowsDirectoryW

• 0x51215c DeleteFileW

• 0x512160 SetFileAttributesW

• 0x512164 GetFileSizeEx

• 0x512168 FormatMessageW

• 0x51216c GetTickCount

• 0x512170 FileTimeToSystemTime

• 0x512174 GlobalMemoryStatusEx

• 0x512178 InterlockedExchangeAdd

• 0x51217c InitializeCriticalSectionAndSpinCount

• 0x512180 RaiseException

• 0x512184 DecodePointer

• 0x512188 SetEvent

• 0x51218c ResetEvent

• 0x512190 CreateEventW

• 0x512194 InterlockedExchange

• 0x512198 SetLastError

• 0x51219c ResumeThread

• 0x5121a0 DeviceIoControl

• 0x5121a4 EncodePointer

• 0x5121a8 GetStringTypeW

• 0x5121ac HeapReAlloc

• 0x5121b0 GetCommandLineW

• 0x5121b4 IsDebuggerPresent

• 0x5121b8 IsProcessorFeaturePresent

• 0x5121bc RtlUnwind

• 0x5121c0 GetSystemTimeAsFileTime

• 0x5121c4 CreateThread

• 0x5121c8 ExitThread

• 0x5121cc GetCPInfo

• 0x5121d0 UnhandledExceptionFilter

• 0x5121d4 SetUnhandledExceptionFilter

• 0x5121d8 TerminateProcess

• 0x5121dc TlsAlloc

• 0x5121e0 TlsGetValue

• 0x5121e4 TlsSetValue

• 0x5121e8 TlsFree

• 0x5121ec GetStartupInfoW

• 0x5121f0 CompareStringW

• 0x5121f4 LCMapStringW

• 0x5121f8 GetLocaleInfoW

• 0x5121fc IsValidLocale

• 0x512200 GetUserDefaultLCID

• 0x512204 EnumSystemLocalesW

• 0x512208 ExitProcess

• 0x51220c HeapSize

• 0x512210 GetStdHandle

• 0x512214 GetFileType

• 0x512218 QueryPerformanceCounter

• 0x51221c GetEnvironmentStringsW

• 0x512220 FreeEnvironmentStringsW

• 0x512224 GetOEMCP

Library SHELL32.dll:

• 0x51222c SHGetSpecialFolderPathW

• 0x512230 SHGetFolderPathW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51379	239.255.255.250	3702
192.168.56.101	51381	239.255.255.250	3702
192.168.56.101	51964	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	63432	239.255.255.250	1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.